The User Agent requires a multi-step configuration that includes the following:
- At least one computer with the user agent installed.
- Connections between a Firepower Management Center and the computers or Active Directory servers with the user agent installed.
- An identity realm configured in each Firepower Management Center that receives user data from a user agent.
For detailed information about the multi-step User Agent configuration and a complete discussion of the server requirements, see the Cisco Firepower User Agent Configuration Guide.
Note: Make sure the time on your computer or Active Directory server is synchronized with the time on the Firepower Management Center. If the appliances are not synchronized, the system might perform user timeouts at unexpected intervals.
The Firepower Management Center connection lets you retrieve metadata for the users whose logins and logoffs were detected by User Agents, and is also used to specify the users and groups you want to use in access control rules. If the user agent is configured to exclude specific user names, login data for those user names is not reported to the Firepower Management Center. User agent data is stored in the user database and user activity database on the Firepower Management Center.
Note: User Agents cannot transmit Active Directory user names ending with the $ character to the Firepower Management Center. You must remove the final $ character if you want to monitor these users.
If multiple users are logged into a host using remote sessions, the agent might not detect logins from that host properly. For information about how to prevent this, see the Cisco Firepower User Agent Configuration Guide.